CookieAuthenticationFilter — public class CookieAuthenticationFilter extends Object implements Filter. Filter which handles application authentication. The filter implements
the following policy:
- If the user is already in the session, the filter stops here and passes the request on;
- If not, the authentication cookies are looked for;
- If found, authentication is attempted;
- If authentication is successful, the user object is stored in the session;
- Otherwise, the cookies are invalid and are removed from the response.
Fields Summary |
private String | onFailure | private FilterConfig | filterConfig | private static final Log | log |
Methods Summary |
/**
 * Called by the container when the filter is taken out of service.
 * The filter only holds a reference to its {@code FilterConfig}, so there
 * is nothing to release.
 */
public void destroy() {
    // Nothing necessary
}
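/**
 * Authenticates the request from the credential cookies when no user is
 * stored in the session yet.
 *
 * <p>Requests for the {@code onFailure} page itself are always passed down
 * the chain so that the redirect below cannot loop. For every other request
 * a user already present in the session is accepted as is; otherwise the
 * credential cookies are read, checked through {@link #getSecurityService()}
 * and, on success, the authenticated user is stored in a freshly created
 * session. If no cookies are present or they do not authenticate, the request
 * is redirected to {@code contextPath + onFailure} and the chain is aborted.
 *
 * @param request  the incoming request, expected to be an {@link HttpServletRequest}
 * @param response the outgoing response, expected to be an {@link HttpServletResponse}
 * @param chain    the remainder of the filter chain
 * @throws IOException      if the redirect or a downstream filter fails
 * @throws ServletException if a downstream filter fails
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;
    String contextPath = req.getContextPath();

    // The failure page must be reachable without a user, otherwise the
    // redirect below would loop forever.
    if (req.getServletPath().equals(onFailure)) {
        chain.doFilter(request, response);
        return;
    }

    HttpSession session = req.getSession(); // created on demand
    User user = (User) session.getAttribute(Constants.USER_KEY);
    if (log.isDebugEnabled()) log.debug("User in session:" + user);

    if (user == null && !authenticateFromCookies(req, res, session)) {
        res.sendRedirect(contextPath + onFailure);
        return; // abort instead of chaining
    }
    if (log.isDebugEnabled()) log.debug("Continuing filter chain ...");
    chain.doFilter(request, response);
}

/**
 * Tries to authenticate the request from its credential cookies and, on
 * success, stores the user in the session.
 *
 * @param req     the request carrying the cookies
 * @param res     the response, used to clear cookies that failed to authenticate
 * @param session the caller's current, not yet authenticated, session
 * @return {@code true} if a user was authenticated and stored in the session
 */
private boolean authenticateFromCookies(HttpServletRequest req, HttpServletResponse res,
        HttpSession session) {
    Credentials credentials = SecurityUtils.findCredentials(req);
    if (credentials == null) {
        return false; // no cookies: nothing to validate or remove
    }
    User user;
    try {
        if (log.isDebugEnabled()) log.debug("Checking authentication");
        user = getSecurityService().authenticate(credentials);
    }
    catch (Exception e) {
        // Any failure counts as a failed login: drop the cookies so they are
        // not retried on every subsequent request.
        log.error("Unexpected authentication failure.", e);
        SecurityUtils.removeCredentials(res);
        return false;
    }
    if (user == null) {
        // Whether authenticate() reports bad credentials by throwing or by
        // returning null is not visible here; treat null like a failure
        // instead of caching a null user under USER_KEY as if authenticated.
        log.warn("Authentication returned no user; removing credentials.");
        SecurityUtils.removeCredentials(res);
        return false;
    }
    // Privilege change: discard the pre-authentication session id so a
    // session id fixed before login cannot become an authenticated one.
    // Anything stored in the anonymous session is intentionally dropped.
    session.invalidate();
    req.getSession(true).setAttribute(Constants.USER_KEY, user);
    return true;
}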
/**
 * Creates the {@code SecurityService} used to check credentials, backed by
 * the {@code UserDatabase} published in the servlet context under
 * {@code Constants.DATABASE_KEY}. A new instance is built on every call.
 *
 * @return a security service over the application's user database
 */
protected SecurityService getSecurityService() {
    ServletContext application = filterConfig.getServletContext();
    Object database = application.getAttribute(Constants.DATABASE_KEY);
    return new SecurityServiceImpl((UserDatabase) database);
}
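/**
 * Stores the filter configuration and reads the {@code onFailure} init
 * parameter, the page that unauthenticated requests are redirected to
 * (appended to the context path by {@code doFilter}).
 *
 * @param filterConfig the container-supplied configuration
 * @throws ServletException if the {@code onFailure} init parameter is missing
 *         or blank; without it every redirect would point at
 *         {@code contextPath + "null"}, so fail at startup instead
 */
public void init(FilterConfig filterConfig) throws ServletException {
    this.filterConfig = filterConfig;
    onFailure = filterConfig.getInitParameter("onFailure");
    if (onFailure == null || onFailure.trim().length() == 0) {
        throw new ServletException(
            "CookieAuthenticationFilter requires a non-empty 'onFailure' init parameter");
    }
}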